Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2026-3192

5.6 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 2 weeks ago by @mweinelt Activity log

Created automatic suggestion 3 weeks, 2 days ago
@mweinelt removed
15 packages
- python312Packages.blockchain
- python312Packages.python-blockchain-api
- python313Packages.python-blockchain-api
- python314Packages.python-blockchain-api
- haskellPackages.amazonka-managedblockchain
- python312Packages.mypy-boto3-managedblockchain
- python313Packages.mypy-boto3-managedblockchain
- python314Packages.mypy-boto3-managedblockchain
- python312Packages.mypy-boto3-managedblockchain-query
- python313Packages.mypy-boto3-managedblockchain-query
- python314Packages.mypy-boto3-managedblockchain-query
- python312Packages.types-aiobotocore-managedblockchain
- python313Packages.types-aiobotocore-managedblockchain
- python312Packages.types-aiobotocore-managedblockchain-query
- python313Packages.types-aiobotocore-managedblockchain-query
2 weeks ago
@mweinelt dismissed 2 weeks ago

Chia Blockchain RPC Credential rpc_server_base.py _authenticate improper authentication

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".

References

https://github.com/Danimlzg/chia-rpc-auth-bypass.git exploit
VDB-347748 | Chia Blockchain RPC Credential rpc_server_base.py _authenticate improper authentication vdb-entry technical-description
VDB-347748 | CTI Indicators (IOB, IOC, IOA) signature permissions-required

Affected products

Blockchain

==2.1.0

Ignored packages (15)

pkgs.python312Packages.blockchain

Python client Blockchain Bitcoin Developer API

nixos-25.11 1.4.4
- nixos-25.11-small 1.4.4
- nixpkgs-25.11-darwin 1.4.4

pkgs.python312Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python313Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python314Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2

pkgs.haskellPackages.amazonka-managedblockchain

Amazon Managed Blockchain SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.python312Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-25.11 boto3-managedblockchain-1.41.0
- nixos-25.11-small boto3-managedblockchain-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-1.41.0

pkgs.python313Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-unstable boto3-managedblockchain-1.42.3
- nixpkgs-unstable boto3-managedblockchain-1.42.3
- nixos-unstable-small boto3-managedblockchain-1.42.3
nixos-25.11 boto3-managedblockchain-1.41.0
- nixos-25.11-small boto3-managedblockchain-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-1.41.0

pkgs.python314Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-unstable boto3-managedblockchain-1.42.3
- nixpkgs-unstable boto3-managedblockchain-1.42.3
- nixos-unstable-small boto3-managedblockchain-1.42.3

pkgs.python312Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-25.11 boto3-managedblockchain-query-1.41.0
- nixos-25.11-small boto3-managedblockchain-query-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-query-1.41.0

pkgs.python313Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-unstable boto3-managedblockchain-query-1.42.3
- nixpkgs-unstable boto3-managedblockchain-query-1.42.3
- nixos-unstable-small boto3-managedblockchain-query-1.42.3
nixos-25.11 boto3-managedblockchain-query-1.41.0
- nixos-25.11-small boto3-managedblockchain-query-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-query-1.41.0

pkgs.python314Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-unstable boto3-managedblockchain-query-1.42.3
- nixpkgs-unstable boto3-managedblockchain-query-1.42.3
- nixos-unstable-small boto3-managedblockchain-query-1.42.3

pkgs.python312Packages.types-aiobotocore-managedblockchain

Type annotations for aiobotocore managedblockchain

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-managedblockchain

Type annotations for aiobotocore managedblockchain

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python312Packages.types-aiobotocore-managedblockchain-query

Type annotations for aiobotocore managedblockchain-query

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-managedblockchain-query

Type annotations for aiobotocore managedblockchain-query

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

Not in nixpkgs